Abstract
In order to combat the increasing complexity of cyber attacks, a new category of cyber defense called dynamic cyber defense has been the focus of a significant amount of work. Dynamic cyber defense mechanisms aim to protect networks by modifying their attributes in order to confuse would-be attackers. Currently, the majority of the existing mechanisms are purely theoretical and have been the subject of minimal performance analysis. There has also been almost no effort to perform comparative analysis of different techniques. As a result, there is a great need for a method of modeling different mechanisms within a single system in order to conduct comprehensive, comparative performance analysis.
This work develops the framework of a system called Dynamic Virtual Terrain (DVT), which can be used for comparative analysis of dynamic cyber defense mechanisms under identical conditions. DVT models network topology using nodes, which represent members of a network, and access permissions, which describe the connectivity of the network. DVT also defines a generic dynamic cyber defense algorithm that can be extended in order to implement a hierarchy of techniques. An implementation of DVT is created in order to perform experiments with IP address hopping, port hopping, and dynamic firewall mechanisms in a cyber attack simulation environment. Attack scenarios are developed to evaluate the performance of the mechanisms under identical conditions, and the results of simulating these scenarios are used to analyze the performance of the implemented mechanisms.
Library of Congress Subject Headings
Computer networks--Security measures--Evaluation; Computer networks--Security measures--Computer simulation; Cyberterrorism--Computer simulation
Publication Date
12-2014
Document Type
Thesis
Student Type
Graduate
Degree Name
Computer Engineering (MS)
Department, Program, or Center
Computer Engineering (KGCOE)
Advisor
Shanchieh Jay Yang
Advisor/Committee Member
Michael Kuhl
Advisor/Committee Member
Andres Kwasinski
Recommended Citation
Wheeler, Benjamin Fredrick, "A Computer Network Model for the Evaluation of Moving Target Network Defense Mechanisms" (2014). Thesis. Rochester Institute of Technology. Accessed from
https://repository.rit.edu/theses/8536
Campus
RIT – Main Campus
Plan Codes
CMPE-MS
Comments
Physical copy available from RIT's Wallace Library at TK5105.59 .W44 2014